• Categories
  • PAID


  • Share



      Shodan is a search engine, like Google, but instead of searching for websites, it searches for internet-connected devices — from routers and servers, to Internet of Things (IoT) devices, such as thermostats and baby monitors, to complex systems that govern a wide range of industries, including energy, power, and transportation.


      How does Shodan work?

      Shodan works by requesting connections to every imaginable internet protocol (IP) address on the internet and indexing the information that it gets back from those connection requests. Shodan crawls the web for devices using a global network of computers and servers that are running 24/7.

      An IP address is your device’s digital signature — it’s what allows Google to tailor searches to your location, and it’s what allows all internet-connected devices to communicate with each other.

      Internet-connected devices have specific "ports" that are designed to transmit certain kinds of data. Once you’ve established a device’s IP address, you can establish connections to each of its ports. There are ports for email, ports for browser activity, ports for printers and routers — 65,535 ports in all.

      When a port is set to "open", it's available for access — this is what allows your printer to establish a connection with your computer, for example. The computer “knocks” at the open port, and the printer sends a packet of information called a "banner" that contains the information your computer needs to interact with the printer.

      Shodan works by "knocking" at every imaginable port of every possible IP address, all day, every day. Some of these ports return nothing, but many of them respond with banners that contain important metadata about the devices Shodan is requesting a connection with.

      Banners can provide all sorts of identifying information, but here are some of the more common fields you will see in a banner:

      • Device name: What your device calls itself online. For example, Samsung Galaxy S21.
      • IP address: A unique code assigned to each device, which allows the device to be identified by servers.
      • Port #: Which protocol your device uses to connect to the web.
      • Organization: Which business owns your “IP space”. For example, your internet service provider, or the business you work for.
      • Location: Your country, city, county, or a variety of other geographic identifiers.

      Some devices even include their default login and password, make and model, and software version, which can all be exploited by hackers.  


      What can you find on Shodan?

      Any device connected to the internet can potentially show up in a Shodan search. Since Shodan went public in 2009, a pretty large community of hackers and researchers have been cataloging the devices they’ve been able to find and connect with on Shodan — things like:

      • Baby monitors
      • Internet routers.
      • Security cameras.
      • Maritime satellites.
      • Water treatment facilities.
      • Traffic light systems.
      • Prison pay phones.
      • Nuclear power plants.

      Before you freak out and go hide in a bunker, remember that Shodan merely indexes publicly available information. Yes, it can show users a nuclear power plant’s server banner, but that doesn’t mean that anyone with an internet connection can cause a nuclear meltdown. In the case of industrial computers and old SCADA systems, many of them are protected by passwords, two-factor authentication, firewalls, and strict security protocols.

      However, Shodan does reveal just how much of our information is publicly available. If your webcam is internet-facing, and you haven’t changed its default logins, hackers can access it without your knowledge, gaining an easy window into your home. In fact, webcams are one of the most commonly searched terms on Shodan's 'Explore' page.